National Credential
Credential: CERT - Certified Computer Security Incident Handler (CSIH)  GI Bill resource
Credentialing Agency: CERT - Software Engineering Institute

The CERT-Certified Computer Security Incident Handler (CSIH) certification program is targeted to computer network incident handling professionals, computer security incident response team (CSIRT) members and technical staff, system and network administrators with incident handling experience, incident handling trainers and educators, and cyber security technical staff. One or more years of experience in incident handling and/or equivalent security-related experience.

More information can be found on the certifying agency's website.

Renewal Period: 3 years

CERT - Certified Computer Security Incident Handler (CSIH)

The following Army Occupations provide training and/or experience that contributes to attaining this credential:

Personnel Category Occupation Occupation Type Related As Promotion Points Skill Level Star Proponent Funded Gap Analysis
Enlisted 17C Cyber Operations Specialist MOS some  Promotion Points: This certification has been approved for promotion points. Click for more information.        
Enlisted 25B Information Technology Specialist MOS some  Promotion Points: This certification has been approved for promotion points. Click for more information.        
Enlisted 25D Cyber Network Defender MOS some          
Enlisted 25N Nodal Network Systems Operator-Maintainer MOS other          
Enlisted 25U Signal Support Systems Specialist MOS other          
Enlisted 35Q Cryptologic Cyberspace Intelligence Collector - Analyst MOS most  Promotion Points: This certification has been approved for promotion points. Click for more information. II      
Enlisted E6 Interactive On-Net Operator ASI some          
Warrant Officer 255N Network Management Technician WOMOS other        

Army Table Legend


Related As

The military occupations shown in this table are related to this credential in one of four ways: Most, Some, or Other.

Most: This credential is directly related to most of the major duties associated with the military occupation (at least 80%). Note that the credential may require additional education, training or experience before you are eligible for it.

Some: This credential is related to some tasks associated with the duties of the military occupation (related 80% to at least one or more critical tasks but less than 80% of all of the entire military occupation). Note that the credential may require additional education, training or experience before you are eligible for it.

Other: This credential is related to this military occupation, but is more advanced or specialized and therefore will likely require additional education, training, or experience.

Promotion Points Promotion Points icon

This credential has been approved for promotion points for this MOS towards promotion to Sergeant and Staff Sergeant. Clicking the Promotion Points icon will open a link to the promotion points fact sheet.

Skill Level Designation

Skill Level I: This skill level consists of all Soldiers in the ranks of Private (pay grade E-1) up to Specialist (pay grade E-4). Time in Service (TIS) is generally between initial entry and four Years of Service (YOS). This skill level is Entry-level positions requiring performance of tasks under direct supervision.

Institutional training:

  • Structured Self-Development (SSD) level I
  • Basic Leader Course (BLC)

Skill Level II: This skill level is obtained when promoted to Sergeant (paygrade E-5). TIS is generally between 4-8 YOS. Positions requiring performance of more difficult tasks under general supervision; and in some instances, involving supervision of Soldiers in SL1.

Institutional training:

  • Structured Self-Development (SSD) level II
  • Advance Leader Course (ALC)

Skill Level III: This skill level is obtained when promoted to Staff Sergeant (paygrade E-6). TIS is generally between 8-12 YOS. Positions requiring performance of still more difficult tasks and involving first line supervision of Soldiers in SL1 & SL2.

Institutional training:

  • Senior Leader Course (SLC)
  • Structured Self-Development (SSD) level III

Skill level IV: This skill level is obtained when promoted to the rank of Sergeant First Class (paygrade E-7). TIS is generally between 12-18 YOS. Positions requiring relatively detailed knowledge of all tasks specified for a given MOS, normally involving first-line supervision of Soldiers in SLs 1, 2, and 3, and involving managerial duties.

Institutional training:

  • Master Leader Course (MLC)
  • Structured Self-Development (SSD) level IV
  • Senior Enlisted Joint Professional Military Education (SEJPME) I Course

Skill level V: This skill level is obtained when promoted to the rank of Master Sergeant (paygrade E-8). TIS is generally between 18-22 YOS. Positions requiring direct and indirect leadership roles with expertise in company and battalion-level operations and competency across a given CMF, serving as members of a staff at every level in the Army, with a full understanding of the allocation of resources and their utilization in order to accomplish Army functions and missions.

Institutional training:

  • United States Army Sergeants Major Academy (USASMA)
  • Structured Self-Development (SSD) level V

Skill level VI: This skill level is obtained when promoted to the rank of Sergeants Major (paygrade E-9). TIS is generally between 22-30 YOS. Positions requiring organizational leadership roles with multi-dimensional expertise in units and teams on division, corps, and Army staffs, integrated with Joint, Interagency, Intergovernmental, and Multinational (JIIM) partners with a full understanding of the Force Generation process, operations at all echelons, and how the Army runs.

Star Credential Star icon

Star credentials are MOS enhancing, as designated by the Proponent. MOS enhancing credentials are directly related to an MOS or ASI, are taught either partially or completely as part of a Program of Instruction (POI), and improve the MOS technical proficiency.

Proponent Funded Funded icon

This icon indicates credentials which Soldiers may have funded through their MOS proponent. Some proponents offer credentialing opportunities in conjunction with military training and/or as part of MOS development beyond the training base.

Gap Analysis Has Analysis icon

A detailed analysis comparing the credential requirements to the military occupation has been completed. Click on the gap analysis icon to view the analysis page.

CERT - Certified Computer Security Incident Handler (CSIH)

Eligibility Requirements ()

Note: This credential may have multiple options for becoming eligible. Listed below are the minimum requirements based on the minimum degree required. To view other options, see the Eligibility tab.

  • Credential Prerequisite
  • Experience: 1 year
  • Education
  • Training
  • Membership
  • Other
  • Fee

Exam Requirements ()

  • Written Exam
  • Oral Exam
  • Practical Exam
  • Performance Assessment

Renewal Period: 3 years

  • Continuing Education
  • Exam
  • Continuing Education OR Exam
  • Fee
  • Other

CERT - Software Engineering Institute
4500 Fifth Avenue
Pittsburgh, PA  15212-2612
Phone: (412) 268-7090
Fax: (412) 268-6989
Email: info@sei.cmu.edu

CERT - Certified Computer Security Incident Handler (CSIH)

Candidates must have one or more years of experience in incident handling and/or equivalent security-related experience.

The CERT - Certified Computer Security Incident Handler (CSIH) credential has the following other requirements:

  • Candidates for CSIH must submit an application with a current resume and a Certification Recommendation Form. Applicants may take the exam only after notification of acceptance.

CERT - Certified Computer Security Incident Handler (CSIH)

  • Protect Infrastructure (7%)
    • Assist constituents with correcting problems identified by vulnerability scanning activities
    • Implement changes to the computing infrastructure (to stop or mitigate an ongoing incident, to stop or mitigate the potential exploitation of a vulnerability, or as a result of postmortem reviews or other process improvement mechanisms)
    • Provide constituents with guidance in best practices for protecting their systems and networks
  • Event/Incident Detection (17%)
    • Monitor networks and information systems for security
    • Analyze the data or indicators from the networks and systems being monitored
    • Enter event/incident reports received from the constituency into the incident management knowledgebase
    • Collect incident data and intrusion artifacts (e.g., malware, logs) to enable mitigation of incidents
    • Perform initial, forensically sound collection of images for forensic analysis and investigation
    • Identify missing data or additional sources of information and artifacts
    • Analyze intrusion artifacts and malware (e.g., malware, source code, Trojan horse programs) to understand their purpose and/or to identify the specific vulnerability
  • Triage and Analysis (28%)
    • Categorize events using the organization's standard category definitions
    • Perform correlation analysis on event reports to determine if there is affinity between two or more events
    • Prioritize events (includes determining scope, urgency, and potential impact)
    • Assign events for further analysis, response, or disposition/closure
    • Determine cause and symptoms of the incident
    • Perform vulnerability analysis
    • Determine the risk, threat level, or business impact of a confirmed incident
  • Respond (40%)
    • Develop an incident response strategy and plan to limit incident effect and to repair incident damage
    • Perform real-time incident response tasks (e.g., direct system remediation) to support deployable incident response teams
    • Determine the risk of continuing operations
    • Change passwords
    • Improve defenses
    • Remove the cause of the incident
    • Validate the system
    • Identify relevant stakeholders that need to be contacted or that may have a vested interest or vital role in communications about an organizational incident
    • Identify the appropriate communications protocols and channels (media and message) for each type of stakeholder
    • Coordinate, integrate, and lead team responses with other internal groups (e.g., IT, management, compliance, legal, human resources), according to applicable policies and procedures
    • Provide notification service to other constituents (e.g., write and publish guidance or reports on incident findings) to enable constituents to protect their assets and/or detect similar incidents
    • Report and coordinate incidents with appropriate external organizations or groups in accordance with organizational guidelines, policies, and procedures
    • Serve as technical experts and liaisons to law enforcement personnel (e.g., to explain incident details, provide testimony)
    • Track and document incidents from initial detection through final resolution
    • Assign and label data/information according to the appropriate class or category of sensitivity
    • Collect and retain information on all events/incidents in support of future analytical efforts and situational awareness
    • Enter information (shift change transitions, current state of activity) into an operations log or record of daily operational activity
  • Sustain (8%)
    • Perform risk assessments on incident management systems and networks
    • Run vulnerability scanning tools on incident management systems and networks

There are a number of resources available to help you prepare for the CERT - Certified Computer Security Incident Handler (CSIH) examination:

An additional resource is Safari Books Online, a searchable digital library that provides online access to thousands of books, training videos and conference sessions. See the Educational Resources page here on COOL to learn how to get free access.

CERT - Certified Computer Security Incident Handler (CSIH)

Renewal Period: 3 years

The CERT - Certified Computer Security Incident Handler (CSIH) credential has the following recertification information:

  • CSIH certifications are valid for three years. Renewal requirements are listed on the CSIH renewal webpage.